[c-nsp] PIX 506E handling multiple public networks

Laurent Geyer lgeyer at 085zehn.com
Thu Jan 11 13:42:02 EST 2007


On 1/10/07, Daniel Lacey <daniel_p_lacey at yahoo.com> wrote:

>
> My question is:
> Can I use the existing PIX to somehow make this work?
>
> Any suggestions are welcome!
>

There are several options for you to make this work and which one to pick
largely depends on the setup of your webfarm.

You mention one to one statics; are there any plans for web servers to host
multiple IP based domains? If that's the case then one to one statics aren't
really an option because you cannot define a static translation for more
than one local IP address.

The way we generally set this up for our environments is to define public to
public statics for IP address assignments, and then route either individual
IP addresses or smaller subnets to the local hosts.

For example:

static (inside,outside) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
route inside 10.10.10.0 255.255.255.128 192.168.0.10
route inside 10.10.10.128 255.255.255.128 192.168.0.11

Obviously you'd have to define a loopback/virtual interface with the
routed/assigned subnet on each node of the webfarm in order for them to
respond to ARP requests.

- Laurent

